Hi All,
CISA and the FBI just published the Secure by Design Alert "Eliminating Directory Traversal Vulnerabilities in Software":
Directory traversal (or path traversal) vulnerabilities remain a persistent class of defect in software products. The software industry has documented directory traversal vulnerabilities, along with effective approaches to eliminate these vulnerabilities at scale, for over two decades [1]. Yet software manufacturers continue to put customers at risk by developing products that allow for directory traversal exploitation. CISA and the FBI are releasing this Secure by Design Alert in response to recent well-publicized threat actor campaigns that exploited directory traversal vulnerabilities in software (e.g., CVE-2024-1708, CVE-2024-20345) to compromise users of the software, impacting critical infrastructure sectors, including the Healthcare and Public Health Sector.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------
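As an added illustration of the "eliminate at scale" approach the alert refers to (example code written for this thread, not taken from the CISA/FBI alert), the following Python helper shows the standard mitigation: canonicalize the joined path and verify it still lies under the intended base directory before touching the filesystem. The base directory `/srv/files` and the file names are assumed values; the helper assumes POSIX path semantics and that any URL-decoding has already been applied once to the input.

```python
import os
import posixpath
from typing import Optional


def safe_join(base_dir: str, user_path: str) -> Optional[str]:
    """Join an untrusted relative path onto base_dir.

    Returns the canonical absolute path if it stays inside base_dir,
    or None if it would escape. The check is done on the canonical
    (realpath) form, so "..", "." and existing symlinks are resolved
    before comparison rather than string-matched on the raw input.
    """
    # Embedded NUL bytes can truncate the path at the OS boundary.
    if "\x00" in user_path:
        return None
    # Treat backslashes as separators as well, so "..\\" is not
    # left untouched by POSIX normalization.
    candidate = user_path.replace("\\", "/")
    # Absolute input would discard base_dir entirely during join.
    if posixpath.isabs(candidate):
        return None
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, candidate))
    # commonpath compares whole components, so "/srv/files2" is not
    # mistaken for a child of "/srv/files" the way a prefix test would.
    try:
        if os.path.commonpath([base, target]) != base:
            return None
    except ValueError:  # mixed absolute/relative or different drives
        return None
    return target


def classify(base_dir: str, inputs: list) -> dict:
    """Map each input to its resolved path or None (rejected)."""
    return {p: safe_join(base_dir, p) for p in inputs}


if __name__ == "__main__":
    # Constructed sample inputs for demonstration.
    samples = ["docs/a.txt", "docs/../a.txt", "../etc/passwd",
               "/etc/passwd", "..\\..\\etc\\passwd", "../files2/x"]
    for name, result in classify("/srv/files", samples).items():
        print(f"{name!r:28} -> {result if result else 'REJECTED'}")
```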